[server] listen = ":8080" storage_dir = "./interfaces" # ── Identity & access control ─────────────────────────────────────────────── # The end-user identity is read from a header set by a trusted authenticating # reverse proxy. Leave trusted_user_header empty for unproxied/dev/LAN use. # SECURITY: only enable this when the proxy strips any client-supplied value of # this header, otherwise it can be spoofed. trusted_user_header = "" # e.g. "X-Forwarded-User" # Identity used when the trusted header is absent/empty. Empty = anonymous. default_user = "" # Every user is trusted with full write access by default. The blacklist # downgrades specific users. Levels: "readonly" (view only, no writes) or # "noaccess" (denied entirely). # [[server.blacklist]] # user = "guest" # level = "readonly" # Named sets of users, referenced by per-panel sharing rules (future phases). # [[groups]] # name = "operators" # members = ["alice", "bob"] [datasource.epics] enabled = true ca_addr_list = "" # overrides EPICS_CA_ADDR_LIST if set archive_url = "" # EPICS Archive Appliance base URL channel_finder_url = "" # e.g. http://channelfinder:8080/ChannelFinder auto_sync_filter = "" # e.g. area=StorageRing or tags=production [datasource.synthetic] enabled = true definitions_file = "./synthetic.json"